medium

AWS SageMaker Jupyter Notebook instance CSRF

Published Thu, Dec 2nd, 2021
Platforms

Summary

AWS SageMaker Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments. The exact same issue existed in GCP previously.

Affected Services

SageMaker Jupyter Notebook

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/a10ns
Entry Status
Finalized
Disclosure Date
Thu, Dec 2nd, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
8.37
(PI:1.5/A1:20/A2:1/A7:1.1/A8:0.9)
Discovered by
Gafnit Amiga, Lightspin

More vulnerabilities...

medium

AWS SageMaker Jupyter Notebook instance CSRF

AWS SageMaker Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments...

...
Gafnit Amiga, Lightspin

medium

AWS SageMaker Jupyter Notebook instance CSRF

AWS SageMaker Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments...

...
Gafnit Amiga, Lightspin

medium

AWS SageMaker Jupyter Notebook instance CSRF

AWS SageMaker Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments...

...
Gafnit Amiga, Lightspin

View all